There has been quite a lot of talk in social media in recent days about Klout. This has been prompted in large part by an adjustment in Klout scores, which saw a huge drop in influence (10 points in my case). To a lesser extent, some discussion has been generated in response to a very interesting article by Charlie Stross. Klout is not a social network, it is a self-described method to measure influence in social media, from Twitter to Facebook, Klout allegedly measures how many people engage with your content throughout the social sphere. This means that they take into account how many shares, likes, retweets, replies, +1s, and similar social currency you accumulate, and gives you a Klout influence number. So, Lady Gaga and Justin Bieber score quite high in Klout, but also do some social media stars that are not celebrities as such.
I have to admit that I liked the idea of Klout, and that I included a link to it in this blog, and even engaged directly with the site by giving Klout points to people whose content I enjoyed. However, it has been increasingly clear that Klout manages its social engagement analysis by practices that go way beyond what one would normally be comfortable with. The system seems to be based on a very intrusive data mining of everything that you do online. This is done by a system called “supercookies“, which are cookie files stored in different locations to normal cookies, so they are very difficult to track. The problem is that these are sneakily stored because of a simple reason: these cookies are gathering browse history information to create a more detailed picture of the user’s surfing patterns. In the case of Klout, it seems clear that they collect data of what you do from across several social networks, as the interconnection between these services is fundamental to what Klout does. In other words, everything you click, view, like, retweet or share in social networks is available to Klout.
Moreover, Klout is also very intrusive in how it propagates, it has been accused of opening accounts for people who have not signed up to the service, including minors and other subjects that are not likely to be able to offer viable consent. This practice alone is what makes me more concerned about the service.
As mentioned above, Charlie Stross seems to be very concerned about the privacy implications of Klout, and I share most of his concerns. He goes on to describe the issues with the system, but goes further, and declares Klout to be illegal in the UK. As much as I like his books, I have to disagree with his legal take on Klout. Stross says:
“Here in the civilized world we have a fundamental right to privacy. Klout, by its viral nature (and particularly by tracking people without their prior consent) is engaging in flat-out illegal practices. Don’t believe me? Well, here in the UK activities relating to the processing of personal information are governed by the Data Protection Act (1998), a law enforced by the Information Commissioner’s Office.
As we saw earlier, Klout assert that they have the right to collect information about you and conduct direct marketing campaigns if you visit their website. For those of us who are not lawyers, here is the ICO’s conditions for processing personal data: [snip]
There are many issues here. Firstly, it can be contested that there is such a thing as a right to privacy in the UK. Art. 8 of the European Convention of Human Rights does establish it, but English courts have repeatedly expressed that there is no right to privacy in common law, and therefore there is no such tort. Courts have been increasingly applying the concept of privacy present in the ECHR, but this is separate from the existence of data protection law. DP is not privacy law, the interests protected are very different from one another, data protection covers information self-determination, which is not the same as privacy, although they may intersect in some occasions.
The second problem with the Stross analysis is the very important question of jurisdiction. I would tend to agree that Klout may be in violation of the Data Protection Act and the European Data Protection Principles as detailed in the above paragraphs. However, Klout is a U.S. company based in San Francisco, and as such it has no reason to comply with European and UK laws, even if the services are available there via the wonders of the Internet. Were they to open a European office, then they would certainly be subject to data protection enforcement, much as Google, Facebook and other Internet giants with European offices have been. Klout cannot be held liable if European citizens forego their rights and use a service that may be violating their rights.
Having said that, I have to share Charlie Stross’ concerns about Klout, and I have removed the link to Klout, and decided to close my account with them. I have to say that the cancellation process seemed to go on without a hitch. Whether any information they have accumulated will remain on their servers is an entirely different question.
I wonder if all of the negative vibe will work against Klout. So far it has been a marketer’s dream. Perhaps it might be time to wake up.